General

  • Target

    Revo Uninstaller Pro 3.1.8.exe

  • Size

    11.0MB

  • Sample

    241029-psmqnawphm

  • MD5

    77ee834405bfecc0df121ac3453e8fa8

  • SHA1

    3fa8ac41e93ea2305c8460c6aab6ea35a841ceb4

  • SHA256

    b5092827faa342368419da2d7b4400a0c7c9409c7b55f578fa0219750770a9ed

  • SHA512

    601331aaa32c3435d1a593427ae3e2a46082dff9c4d3a9880e1c93cf2f7ab504738dbfe6ca713732b912b36d4dae7bc808577cb40a969e55b135c37950026e2e

  • SSDEEP

    196608:pw+KyuQ5hy4VkzLP4hIgB4N4eyidL7Eui+KDwOtvqMd4a2K5VfdjlS0LSr9:pjvlyF4hIVNJfL2wOtS5a2AVlj80LS5

Malware Config

Targets

    • Drops file in Drivers directory

    • Adds Run key to start application

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

MITRE ATT&CK Enterprise v15

Tasks